Cybersecurity Risk: A Growing ESG Issue

ISS Corporate Solutions is a Business Reporter client.

Investors are increasingly focusing on cyber-risk exposures and how companies manage them in line with ESG principles.

“Companies need to evaluate cybersecurity risk as a critical part of their ESG strategy to sustain shareholder value and investor confidence.”

Ransomware and cyberattacks increased by an estimated 105% in 2021, sparking concern among companies and investors. With Russia’s war against Ukraine adding more fuel to the fire, companies are facing acute challenges in addressing enterprise cyber-risk exposures. With these factors in play, companies need to evaluate cybersecurity risk as a critical part of their ESG strategies to sustain shareholder value and investor confidence.

Cybersecurity across the pillars of ESG

Cybersecurity risk impacts all parts of an organization and should be considered a boardroom concern, just like other ESG risks. As cyberattacks increase in size and frequency, the direct and indirect damage to companies—including loss of customer confidence, reputational damage, potential impact on stock price and possible regulatory actions or litigation—touches all aspects of ESG.

Data breaches pose a threat to the social and environmental pillars of ESG, and hackers have successfully targeted critical infrastructure, pipelines and health care systems, causing harm to society and the environment. Companies need to integrate cybersecurity into their overall ESG strategies and ensure that these risks are viewed through an ESG lens to promote and maintain enterprise-wide cyber resilience, which will assure investors that cybersecurity risks are being managed.

Resilience through cybersecurity hygiene

Cybersecurity planning is a critical part of any ESG program. A robust and clear cyber-response plan can help any organization promote cyber resilience across its business and technical teams while proactively managing and mitigating cyber exposures.

Cybersecurity hygiene involves proactively adopting the best risk management practices to protect an organization from debilitating cyberattacks. Continuously assessing an organization’s security posture, to ensure that its networks are protected from potential intrusions, is imperative. Another way to gain insight into an organization’s cyber-hygiene practices is to use cyber-risk ratings, which provide a view of the external risks to its network. Using an approach similar to that of a potential attacker probing an organization’s technical defenses, cyber-risk ratings identify vulnerabilities across its public-facing networks.

Managing third-party supply chain cyber risk

How organizations manage and mitigate their supply chain cyber risk is equally important to investors. Third-party risk and resilience are key issues that keep company executives up at night. This challenge extends to the management of cyber and privacy risks involving data shared with an organization’s supply chain partners, who are often the weakest link in security. By applying the same ESG standards to their supply chains, companies can ensure that risks posed by the vendor ecosystem are addressed at the same high level.

“The U.S. Securities and Exchange Commission has proposed rules to enhance and standardize how public reporting companies assign board oversight, report material cybersecurity incidents and disclose cybersecurity risk management plans and governance.”

Proposed rules and company cyber-risk management

As the continued rise of ransomware and cyberattacks threatens companies globally, investors need to evaluate their portfolio companies through an ESG lens, including enterprise-wide cybersecurity risk management and transparent disclosures about how organizations are mitigating these risks.
To discover how ISS Corporate Solutions helps companies design and manage their ESG programs to align with company goals, reduce risk and manage the needs of diverse stakeholders by delivering expert advisory, data and software solutions, visit isscorporatesolutions.com.
ISS Corporate Solutions Inc. (ICS) is a wholly owned subsidiary of Institutional Shareholder Services Inc. (ISS). ICS provides advisory services, analytical tools and information to companies to enable them to improve shareholder value and reduce risk through the adoption of improved corporate governance and executive compensation practices. The ISS Global Research Department, which is separate from ICS, will not give preferential treatment to, and is under no obligation to support, any proxy proposal of a company (whether or not that company has purchased products or services from ICS). No statement from an employee of ICS should be construed as a guarantee that ISS will recommend that its clients vote in favor of any particular proxy proposal.
© 2022 Institutional Shareholder Services and/or its affiliates

This article originally appeared in Business Reporter. Header Image credit: iStock id1068362186